Difference between revisions of "Ssh Ciphers"

From UVOO Tech Wiki
 
Line 1: Line 1:
 +
https://www.thegeekdiary.com/how-to-disable-weak-cipher-and-insecure-hmac-algorithms-in-ssh-services-in-centos-rhel-8/
 +
 
```
 
```
 
ssh -Q kex host.example.com
 
ssh -Q kex host.example.com
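Review bot: the line added at the top of the page is a bare URL with nothing saying what it is for. Add a short label next to it (the slug suggests it covers disabling weak ciphers and insecure HMACs on CentOS/RHEL 8) so readers know why it is referenced and the pointer still means something if the link dies.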

Latest revision as of 22:50, 18 February 2022

https://www.thegeekdiary.com/how-to-disable-weak-cipher-and-insecure-hmac-algorithms-in-ssh-services-in-centos-rhel-8/

ssh -Q kex host.example.com
ssh -Q cipher host.example.com

You can manually try ciphers and end up using something like

sftp -c aes256-cbc -oKexAlgorithms=diffie-hellman-group14-sha1 host.example.com

but it's better to just update the server to support newer ciphers.

sudo sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"

sshd -T shows the full effective sshd configuration.

You could also try nmap:

nmap -vv --script=ssh2-enum-algos.nse localhost
Or another:

gnutls-cli -l
Or:

ssh -Q mac

ssh -vv Servername (the ciphers are listed in the debug output)
ssh -Q kex
ssh -Q cipher
ssh -Q cipher-auth
ssh -Q mac
ssh -Q key
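
To act on the `sshd -T` output shown above, the following added example (not part of the original wiki page) filters the effective server configuration down to the entries worth removing. The list of weak patterns (CBC, arcfour and 3DES ciphers, MD5/SHA-1/umac-64 MACs, SHA-1 key exchange) is an assumed policy, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag legacy SSH algorithms in
# `sshd -T` output. The weak-pattern list is an assumed policy; adjust it.

# weak_algos: read `sshd -T` (or sshd_config) text on stdin and print
# "<keyword> <algorithm>" for each cipher, MAC or KEX entry matching the policy.
weak_algos() {
    grep -i -E '^(ciphers|macs|kexalgorithms)[[:space:]]' |
    while read -r key list; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        # Each directive carries one comma-separated algorithm list.
        for alg in $(printf '%s' "$list" | tr ',' ' '); do
            case "$key:$alg" in
                ciphers:*-cbc*|ciphers:arcfour*|ciphers:3des*|\
                macs:hmac-md5*|macs:hmac-sha1*|macs:umac-64*|\
                kexalgorithms:*-sha1)
                    printf '%s %s\n' "$key" "$alg" ;;
            esac
        done
    done
}

# Constructed sample of `sshd -T` output (not captured from a real host).
sample_sshd_T() {
    cat <<'EOF'
port 22
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
EOF
}

# Demo on the sample; on a server use: sudo sshd -T | weak_algos
sample_sshd_T | weak_algos
```

`ssh -Q` lists what the local client build supports, so the server-side view comes from `sshd -T` or the nmap script.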